Segmentation Violation in FreeType Affects Multiple Versions
CVE-2022-27406

7.5HIGH

Key Information:

Vendor: Freetype
Status: Freetype
Vendor: CVE Published:; 22 April 2022

What is CVE-2022-27406?

A segmentation violation has been identified in FreeType through the function FT_Request_Size, which can lead to unexpected behavior and potential exploitation in vulnerable applications. It's critical for users of FreeType to review their usage and ensure their systems are updated to mitigate potential risks.

References

http://freetype.com

https://gitlab.freedesktop.org/freetype/freetype/-/issues...

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2022
Vulnerability Reserved
Mar 21, 2022

Freetype

What is CVE-2022-27406?

References

CVSS V3.1

Timeline